Hi All

Please take a review at

   http://cr.openjdk.java.net/~weijun/8014628/webrev.00/

Most changes are just duplicating existing classes/methods/fields on AES-SHA1 etypes. One day we might do some refactoring to simplify this.

Real changes:

- AesSha2DkCrypto.java:

  1. A new dr() method, explained in https://tools.ietf.org/html/rfc8009#section-3
  2. etype name used in stringToKey(), explained in https://tools.ietf.org/html/rfc8009#section-4
  3. A separate deriveKey() method. Not only does it reduce duplicated code, but it is also used in KerberosAesSha2.java, the test.

- Config.java:

  Previous AES-SHA1 etypes now have aliases aes128-sha1 and aes256-sha1.

- EType.java:

  The default enctypes set now includes the new aes-sha2 etypes, but aes-sha1 etypes are more preferred. This is also what MIT krb5 is doing.

- KerberosAesSha2.java

  Test vectors in https://tools.ietf.org/html/rfc8009#appendix-A.

Thanks
Max
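
For readers who want to see what the dr()/deriveKey() pair has to compute, here is the RFC 8009 section 3 key derivation (KDF-HMAC-SHA2) written out as an added example; it is not code from the webrev. The function and table names are assumptions made for this sketch, and the base key is the 128-bit key-derivation sample from RFC 8009 Appendix A.

```python
import hashlib
import hmac
import struct

# etype -> (hash, Ke length in bits, Kc/Ki length in bits), per RFC 8009.
# Note that aes256 uses 192-bit Kc/Ki but a 256-bit Ke.
PROFILES = {
    "aes128-cts-hmac-sha256-128": (hashlib.sha256, 128, 128),
    "aes256-cts-hmac-sha384-192": (hashlib.sha384, 256, 192),
}


def kdf_hmac_sha2(hash_fn, key, label, k_bits, context=b""):
    """KDF-HMAC-SHA2: a single counter-mode HMAC block, truncated to k bits.

    K1 = HMAC(key, 0x00000001 | label | 0x00 | [context |] k)
    """
    if k_bits % 8 or k_bits > hash_fn().digest_size * 8:
        raise ValueError("k must be a whole number of bytes within one hash block")
    msg = (struct.pack(">I", 1) + label + b"\x00" + context
           + struct.pack(">I", k_bits))
    return hmac.new(key, msg, hash_fn).digest()[: k_bits // 8]


def derive_usage_keys(etype, base_key, usage):
    """Return the checksum (Kc), encryption (Ke) and integrity (Ki) keys."""
    hash_fn, ke_bits, mac_bits = PROFILES[etype]
    prefix = struct.pack(">I", usage)  # 4-byte big-endian key usage number
    return {
        "Kc": kdf_hmac_sha2(hash_fn, base_key, prefix + b"\x99", mac_bits),
        "Ke": kdf_hmac_sha2(hash_fn, base_key, prefix + b"\xaa", ke_bits),
        "Ki": kdf_hmac_sha2(hash_fn, base_key, prefix + b"\x55", mac_bits),
    }


# 128-bit base key from the key-derivation samples in RFC 8009 Appendix A.
RFC_BASE_KEY_128 = bytes.fromhex("3705d96080c17728a0e800eab6e0d23c")

if __name__ == "__main__":
    keys = derive_usage_keys("aes128-cts-hmac-sha256-128", RFC_BASE_KEY_128, 2)
    for name, value in keys.items():
        print(name, value.hex())
```

Unlike the RFC 3961 DR/DK used by the AES-SHA1 etypes, nothing here is n-folded or run through AES, which is why the new etypes need their own dr().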